1 #! /usr/bin/ksh
2 #
3 #
4 # This file and its contents are supplied under the terms of the
5 # Common Development and Distribution License ("CDDL"), version 1.0.
6 # You may only use this file in accordance with the terms of version
7 # 1.0 of the CDDL.
8 #
9 # A full copy of the text of the CDDL should have accompanied this
10 # source. A copy of the CDDL is also available via the Internet at
11 # http://www.illumos.org/license/CDDL.
12 #
13
14 #
15 # Copyright 2015, Richard Lowe.
16 #
17
18 mkdir /tmp/$$-secflags-test
19 cd /tmp/$$-secflags-test
20
21 /usr/bin/psecflags -s none $$ # Clear ourselves out
22 cat > expected <<EOF
23 I: none
24 EOF
25
26 /usr/bin/psecflags $$ | grep I: > output
27 diff -u expected output || exit 1 # Make sure the setting of 'none' worked
28
29 cleanup() {
30 cd /
31 rm -fr /tmp/$$-secflags-test
32 }
33 trap cleanup EXIT
34
35 ## Tests of manipulating a running process (ourselves)
36
37 self_set() {
38 echo "Set (self)"
39 /usr/bin/psecflags -s aslr $$
40
41 cat > expected <<EOF
42 I: aslr
43 EOF
44
45 /usr/bin/psecflags $$ | grep I: > output
46 diff -u expected output || exit 1
47 }
48
49 self_add() {
50 echo "Add (self)"
51 /usr/bin/psecflags -s current,noexecstack $$
52 cat > expected <<EOF
53 I: aslr,noexecstack
54 EOF
55
56 /usr/bin/psecflags $$ | grep I: > output
57 diff -u expected output || exit 1
58 }
59
60 self_remove() {
61 echo "Remove (self)"
62 /usr/bin/psecflags -s current,-aslr $$
63 cat > expected <<EOF
64 I: noexecstack
65 EOF
66
67 /usr/bin/psecflags $$ | grep I: > output
68 diff -u expected output || exit 1
69 }
70
71 self_all() {
72 echo "All (self)"
73 /usr/bin/psecflags -s all $$
74 /usr/bin/psecflags $$ | grep -q 'I:.*,.*,' || exit 1 # This is lame, but functional
75 }
76
77 self_none() {
78 echo "None (self)"
79 /usr/bin/psecflags -s all $$
80 /usr/bin/psecflags -s none $$
81 cat > expected <<EOF
82 I: none
83 EOF
84 /usr/bin/psecflags $$ | grep I: > output
85 diff -u expected output || exit 1
86 }
87
88 child_set() {
89 echo "Set (child)"
90
91 typeset pid;
92
93 /usr/bin/psecflags -s aslr -e sleep 10000 &
94 pid=$!
95 cat > expected <<EOF
96 E: aslr
97 I: aslr
98 EOF
99 /usr/bin/psecflags $pid | grep '[IE]:' > output
100 kill $pid
101 diff -u expected output || exit 1
102 }
103
104 child_add() {
105 echo "Add (child)"
106
107 typeset pid;
108
109 /usr/bin/psecflags -s aslr $$
110 /usr/bin/psecflags -s current,noexecstack -e sleep 10000 &
111 pid=$!
112 cat > expected <<EOF
113 E: aslr,noexecstack
114 I: aslr,noexecstack
115 EOF
116 /usr/bin/psecflags $pid | grep '[IE]:' > output
117 kill $pid
118 /usr/bin/psecflags -s none $$
119 diff -u expected output || exit 1
120 }
121
122 child_remove() {
123 echo "Remove (child)"
124
125 typeset pid;
126
127 /usr/bin/psecflags -s aslr $$
128 /usr/bin/psecflags -s current,-aslr -e sleep 10000 &
129 pid=$!
130 cat > expected <<EOF
131 E: none
132 I: none
133 EOF
134 /usr/bin/psecflags $pid | grep '[IE]:' > output
135 kill $pid
136 /usr/bin/psecflags -s none $$
137 diff -u expected output || exit 1
138 }
139
140 child_all() {
141 echo "All (child)"
142
143 typeset pid ret
144
145 /usr/bin/psecflags -s all -e sleep 10000 &
146 pid=$!
147 /usr/bin/psecflags $pid | grep -q 'E:.*,.*,' # This is lame, but functional
148 ret=$?
149 kill $pid
150 (( $ret != 0 )) && exit $ret
151 }
152
153 child_none() {
154 echo "None (child)"
155
156 typeset pid
157
158 /usr/bin/psecflags -s all $$
159
160 /usr/bin/psecflags -s none -e sleep 10000 &
161 pid=$!
162 cat > expected <<EOF
163 E: none
164 I: none
165 EOF
166 /usr/bin/psecflags $pid | grep '[IE]:' > output
167 kill $pid
168 diff -u expected output || exit 1
169 }
170
171 list() {
172 echo "List"
173 cat > expected<<EOF
174 aslr
175 forbidnullmap
176 noexecstack
177 EOF
178
179 /usr/bin/psecflags -l > output
180 diff -u expected output || exit 1
181 }
182
183 self_set
184 self_add
185 self_remove
186 self_all
187 self_none
188 child_set
189 child_add
190 child_remove
191 child_all
192 child_none
193 list
194
195 exit 0